XSS vulnerability and information leak in user options CGI
Bug #1747209 reported by
Mark Sapiro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
High
|
Mark Sapiro |
Bug Description
CVE-2018-5950
A crafted URL for a user options page can cause a browser to execute arbitrary script encoded in the URL.
Also, in developing a fix for this issue it was discovered that a user options URL with a VARHELP query fragment would display the user options page without requiring login. No changes could be made and the settings revealed are not particularly sensitive, but this could be used to fish for membership on a list with a private roster.
Thanks to Calum Hutton for the original report.
Related branches
CVE References
information type: | Private Security → Public |
Changed in mailman: | |
status: | In Progress → Fix Released |
To post a comment you must log in.